'''
proxystrike.py

Copyright 2009 Xavier Mendez Navarro aka Javi

This file is part of pysqlin

pysqlin is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation version 2 of the License.

pysqlin is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
GNU General Public License for more details.

You should have received a copy of the GNU General Public License
along with pysqlin; if not, write to the Free Software
Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
'''

import logging
import re

from framework.interfaces import IPlugin
from framework.baseclass import BPlugin
from lib.importer import Importer

import xml.dom.minidom
from xml.dom.minidom import Node

class Proxystrike(Importer, IPlugin):
    """Launchs and controls the injection threads"""

    def __init__(self, api):
	BPlugin.__init__(self, api)

	self.__logger = logging.getLogger('plugins.auxiliary.import.Proxystrike')

    def load(self, api):
	return self

    def name(self): return "Proxystrike importer"
    def description(self): 
	return """
	Imports injections from ProxyStrike sql injection plugin. 
	
	http://code.google.com/p/proxystrike/
	"""

    def init(self):
	pass

    def parameters(self): 
	return super(Proxystrike, self).parameters()

    def commands(self): 
	return (
	    ('import', 'Import proxystrike SQL injection results', 'import <file.xml>', [('file',(), None)], self.cmd_import),
	)

    def __get_text(self, el):
	rc = ""
	for node in el.childNodes:
	    if node.nodeType == node.TEXT_NODE:
		rc = rc + node.data
	return rc.strip()

    def cmd_import(self, **event):
	all_sqli = []

	try:
	    doc = xml.dom.minidom.parse(event['parameters']['file'])
	    for node in doc.getElementsByTagName("SqlInjResult"):
		for node_req in node.getElementsByTagName("request"):
		    method = node_req.getAttribute("method")

		    url = self.__get_text(node_req.getElementsByTagName("URL")[0])

		    if node_req.getElementsByTagName("Cookie"):
			cookie = self.__get_text(node_req.getElementsByTagName("Cookie")[0])
		    else: cookie = ""

		    post_data = ""
		    if node_req.getElementsByTagName("PostData"):
			post_data = self.__get_text(node_req.getElementsByTagName("PostData")[0])

		for node_var in node.getElementsByTagName("variable"):
		    if node_var.getAttribute("result") == 'FingerPrint':
			var = node_var.getAttribute("name")
			itype = self.__get_text(node_var.getElementsByTagName("InjectionType")[0])
			database = self.__get_text(node_var.getElementsByTagName("DatabaseFingerPrint")[0])

			db = self.dbpstrike_to_dbpysqlin(database)
			if database is not None:
			    all_sqli.append( (url, post_data, cookie, var, method, itype, db, None) )
		    elif node_var.getAttribute("result") == 'Injection':
			var = node_var.getAttribute("name")
			itype = self.__get_text(node_var.getElementsByTagName("InjectionType")[0])
			if node_var.getElementsByTagName("DatabaseError"):
			    database = self.__get_text(node_var.getElementsByTagName("DatabaseError")[0])

			    db = self.dbpstrike_to_dbpysqlin(database)
			    if database is not None:
				all_sqli.append( (url, post_data, cookie, var, method, itype, None, db) )
	except IOError:
	    return "File not found"
	except Exception, e:
	    return "Error parsing file, exception: %s" % e

	#self.sqlimport(self.choose(all_sqli))
	self.sqlimport_all(all_sqli)

def load(api):
    return  Proxystrike(api)

